Both stories from ESET:
- MARC-ETIENNE M.LÉVEILLÉ: New crypto-ransomware hits macOS
- LUKAS STEFANKO: Sunny with a chance of stolen credentials: Malicious weather app found on Google Play
BitDefender analysis: New Xagent Mac Malware Linked with the APT28
Commentary by John Leyden for The Register: Kremlin-linked hackers believed to be behind Mac spyware Xagent – iPhone backups can be slurped for Mother Russia, say researchers
More about APT28 from BitDefender.
Largely focused on Patrick Wardle’s analysis: New Attack, Old Tricks: analyzing a malicious document with a mac-specific payload.
Also touches on MacDownloader, which seems to impersonate both an installer and an anti-malware tool: iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
George V. Hulme: New Mac malware on the loose: What you need to know
No, malicious macros haven’t entirely gone away… In fact, this is almost (in a superficial sort of way) where I came in, 20 years ago: Macs and Macros – the State of the Macintosh Nation (my first Virus Bulletin paper).
Here’s an article by Will Strafach in which he talks about 76 Popular Apps Confirmed Vulnerable to Silent Interception of TLS-Protected Data. He classifies all the apps he discusses as ‘low risk’, but adds that:
The applications deemed Medium/High Risk will be posted in a follow up within 60 to 90 days, after reaching out to affected banks, medical providers, and other developers of sensitive applications which are vulnerable.
Commentary by Graham Cluley here: 76 popular iPhone apps found wide open to data interception attacks
Graham Cluley: Apple issues security patches for… just about everything
For Malwarebytes, Thomas Reed reports on this New Mac backdoor using antiquated code. Kevin Townsend commented at some length for SecurityWeek – New “Quimitchin” Mac Malware Emerges Targeting Scientific Research – and quotes me. Commentary by Zeljka Zorz for Help Net Security: Fruitfly: Unusual Mac backdoor used for tightly targeted attacks?
Since Kevin actually cited this site’s tag line – ‘The official Mac Virus blogsite’ – perhaps I should explain what is meant by ‘official’ in this case, by quoting our About page.
Mac Virus is an anti-malware information page created by Susan Lesch in the 1990s, and inherited by David Harley when Susan couldn’t find time to update it any more. He wasn’t updating it much either, but as Mac malware looked like becoming a larger part of his life, this started to change drastically in 2010. However, it’s become much less of a priority in recent years.
Why ‘The Official Mac Virus blogsite’? Well, we don’t claim any particular authority to comment on OS X/iOS/Android security apart from David’s 30-odd years in the security industry: that tagline was introduced simply to differentiate the site from several wannabe sites that started to call themselves Mac Virus. It’s ‘official’ only in that Susan asked David to continue to support the site in some form when she no longer had time to, rather than let it be co-opted by anyone who had no connection to the original site.
It’s not ‘official’ in the sense of representing malware writers, the anti-malware industry, the security product testing industry, Apple, Android, Microsoft or anyone else. It’s just a platform where I pass on and comment on news and issues relating to security – especially Mac and smartphone/tablet security – that I find interesting. Furthermore, because I’m semi-retired, I give it a lot less attention than I used to. Apologies if anyone is expecting more than that.
In case you were wondering what happened as regards the story I previously blogged at AVIEN – Smart TV Hit by Android Ransomware – it appears that LG has decided after all to make the reset instructions for the TV public rather than requiring an LG engineer to perform the task for only twice the price of a new set… Note that this was an old model running Android, not a newer model running WebOS.
Catch-up story by David Bisson (following up on his earlier story for Metacompliance) for Graham Cluley’s blog: How to remove ransomware from your LG Smart TV – And the ransomware devs go home empty-handed!
The article quotes The Register’s article here, which details the instructions, but also links to a video on YouTube by Darren Cauthon – who originally flagged the problem – demonstrating the process.
[Also posted at AVIEN.]
Trustwave’s analysis of what it describes as a possible ‘backdoor’ in Skype:
‘As described in the Trustwave advisory, the issue is an authentication by-pass discovered in the API whereby a local program could by-pass authentication if they identified themselves as the program responsible for interfacing with the Desktop API on behalf of the Skype Dashboard widget program.’
Microsoft denies that it’s a backdoor, but acknowledges the vulnerability.
Commentary by John Leyden for The Register: Infosec bods: This is a backdoor in Skype for Macs. Microsoft: No. – Dodgy API let apps and plugins silently pry into chat logs, record calls and more